arethinn: glowing green spiral (Default)
Apparently Norton thinks the autorun.inf file on my USB stick (which, guess what, launches the U3 system -- and which I don't use anyway as I have this kind of autorun functionality turned off in Windows) is a Trojan horse. *eyeroll* Every so often it keeps "quarantining" it when I plug it in (note: not every time, not even most of the time) and periodically asking me did I want to clean the file (note: often when it's not even inserted). grr.

Date: Oct. 27th, 2009 08:25 pm (UTC) From: elven-ranger.livejournal.com
Sounds like Norton. AVG rules! :D

Date: Oct. 27th, 2009 08:33 pm (UTC) From: elethian.livejournal.com
This is my work computer so I don't have a choice. I don't even run any antivirus software on my home computer, actually.

Date: Oct. 28th, 2009 01:10 am (UTC) From: rainsingingwolf.livejournal.com
That's because it pretty much is a virus. :P

Date: Oct. 28th, 2009 08:26 am (UTC) From: sylvanawood.livejournal.com
Norton complains because you've caught a nasty bug.
http://vil.nai.com/vil/content/v_142438.htm
http://vil.nai.com/vil/SystemHelpDocs/DisableSysRestore.aspx
It's a bit of a pain to get rid of it. The best method is to go via console, take over possession of all the files on your stick, display the hidden files, and then look for the Recycler. The files you want to remove are usually in there (you don't see the recycler on the stick, and can't usually access it). The file used to be: c:\recycler\...\ise32.exe
Go into the registry, search for ise32.exe and remove that, too.
Afterwards, block the autorun function on your computer (see second link). If you don't remove it, it spreads merrily from stick to stick. Even if it is quarantined, it manages to annoy you and your system with constant warnings.
Been there, done that, peace now.
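
An added example, not part of the comment above or of any antivirus vendor's tooling: a small Python triage of an autorun.inf that lists the commands it would launch and flags any routed through the Recycler folder mentioned above. The sample file contents, `LaunchU3.exe` and `EXAMPLE-DIR` are constructed assumptions.

```python
import re

# Folder name the comment above says the worm hides in (matched case-insensitively).
SUSPECT_DIRS = {"recycler"}

# Constructed sample inputs, not taken from any real stick.
U3_STYLE = "[autorun]\nopen=LaunchU3.exe -a\nicon=LaunchU3.exe,0\n"
WORM_STYLE = (
    "; junk padding line\n"
    "[AutoRun]\n"
    "OPEN=RECYCLER\\EXAMPLE-DIR\\ise32.exe\n"
    "shell\\open\\Command = RECYCLER\\EXAMPLE-DIR\\ise32.exe\n"
    "label=My Stick\n"
)


def launch_targets(text):
    """Return (key, command) pairs in [autorun] that start a program."""
    targets, in_autorun = [], False
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue
        if line.startswith("[") and line.endswith("]"):
            in_autorun = line[1:-1].strip().lower() == "autorun"
            continue
        if in_autorun and "=" in line:
            key, value = (part.strip() for part in line.split("=", 1))
            key = key.lower()
            is_shell_cmd = key.startswith("shell\\") and key.endswith("\\command")
            if key in ("open", "shellexecute") or is_shell_cmd:
                targets.append((key, value))
    return targets


def flagged_targets(text):
    """Return launch commands whose path passes through a suspect folder."""
    hits = []
    for key, command in launch_targets(text):
        parts = re.split(r'[\\/\s"]+', command.lower())
        if SUSPECT_DIRS.intersection(parts):
            hits.append((key, command))
    return hits


if __name__ == "__main__":
    for name, sample in (("U3-style", U3_STYLE), ("worm-style", WORM_STYLE)):
        print(name, "->", flagged_targets(sample) or "nothing flagged")
```

An empty result only means no launch entry points into that folder; it says nothing about files elsewhere on the stick.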

Date: Oct. 28th, 2009 05:40 pm (UTC) From: starlightforest.livejournal.com
I have hidden files on and autorun off anyway (autorun annoys the crap out of me). Recycler on each of two USB sticks is empty and there are no instances of that exe name in my Registry (aside from as a part of the filename UNWISE32.EXE which is an uninstaller, of course) or on the hard drive, on my laptop anyway (I guess I'll check at work). *shrugs* Guess I may as well delete the autorun.inf just for the heck of it.

Not sure what you mean by this:

The best method is to go via console, take over possession of all the files on your stick

Since "console" to me is the Recovery Console and not just a standard command window. What file permission are you suggesting I set?

edit: That first link says it's called niu.exe, which also didn't exist on my work hard drive. The only reference to it in the registry was in Search Assistant, which is search history (for example now it says "*.html" because I just searched for that). I couldn't find any examples of the code it supposedly inserts into HTML files when I checked a random ten or so.
Edited Date: Oct. 28th, 2009 06:25 pm (UTC)

Date: Oct. 29th, 2009 09:34 am (UTC) From: sylvanawood.livejournal.com
Not the recovery console. The command window should be sufficient for that. But I'm not familiar with the newest version of that worm, you'll have to look it up yourself, likewise the filenames. You'll find the detailed descriptions of all these variants (and tips on how to remove them by hand when they mess up your virus scanner) on all major antivirus websites. We have McAfee here, and I just gave you our old links as an example. There's no use sending you my tutorial, since it's in German.

The crux of all the chatter is that it is something that needs to be taken seriously because it's spread like wildfire through USB sticks and the like, but also well known and can be removed.

It's also important to keep the patches and security updates up-to-date, but you know that already.
